Skip to content

Secure coding guidelines on working with archive files

Michael Henriksen requested to merge secure-coding-guildelines-archives into master

What does this MR do and why?

Adds a section in the secure coding guidelines on working with archive files. The section covers Zip Slip/path traversal and symlink vulnerabilities which are the two most commonly seen vulnerabilities in applications working with archives.

/cc @gitlab-com/gl-security/appsec

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Merge request reports

Loading